Thursday, June 18, 2015

Kaspersky a victim of a sophisticated cyber-attack

Kaspersky Lab revealed last Wednesday that a very sophisticated cyber-attack named Duqu penetrated some of its internal systems by exploiting a zero-day flaw in the Windows kernel. This APT attack has been operating since 2012, which shows how sophisticated Duqu is: even a security giant like Kaspersky was unable to detect its presence for such a long period. A new version dubbed Duqu 2 arose in 2014 and continues its operations in 2015 as well, targeting western countries, the Middle East and Asia. According to security researchers, the initial attempts started in the Asia-Pacific region via spear-phishing emails. Several modules have been identified that perform a 'pass the hash' attack targeting the local network. Duqu 2 uses various strategies to spread on the network. Kaspersky engineers have confirmed that the attack was carried out by installing Microsoft Windows Installer (MSI) packages and then launching them remotely on other hosts.